On Fri, Apr 22, 2016 at 03:35:19PM -0400, Simon Sekidde wrote: > > > ----- Original Message ----- > > From: "Robin Lee Powell" <rlpowell@xxxxxxxxxxxxxxxxxx> > > To: selinux@xxxxxxxxxxxxxxxxxxxxxxx > > Sent: Friday, April 22, 2016 2:21:41 PM > > Subject: unconfineduser module? > > > > > > So my impression is that the "unconfined" module is the "man, users > > do weird stuff" grabbag module, and that it is good and helpful to > > run without it because *in theory*, nothing should actually need > > the unconfined module to work. > > > > I noticed on my system that there's also an unconfineduser module , > > but that I can't disable it: > > > > # semodule -d unconfineduser > > Failed to resolve 'unconfined_u' in selinuxuser statement at line 19116 of > > /var/lib/selinux/targeted/tmp/modules/100/base/cil > > semodule: Failed! > > > > Basically you can't disable unconfineduser while still logged in as unconfined_t > > # id -Z > unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > > > And so I'm vaguely curious as to what that module is for and how it > > relates to the unconfined module; "man unconfined_selinux" does not > > make it obvious. > > http://danwalsh.livejournal.com/42394.html Oh, perfect, thanks! -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx
